Symantec Reports New Malware Targeting the Energy Sector

Trojan.Laziok, a new malware program, targets companies in the energy sector meaning that attackers are likely to have an interest in the affairs of the affected companies.

How Does Trojan.Laziok Work?

According to Symantec, a security company, Trojan.Laziok “acts as a reconnaissance tool allowing attackers to gather information and tailor their attack methods for each compromised computer.”

The gathered information consists of RAM size, hard disk size, GPU and CPU type, and installed software. These details are enough for the attackers to determine whether the infected system is worth any exploitation at all. The cybercriminals may then decide to further infect the system with additional software allowing them remote access to the computer. The malware that is used to allow remote access to the infected system consists of Backdoor.Cyberat and Trojan.Zbot.

Who Is the Target?

According to a research conducted by Symantec, the Trojan.Laziok’s targets are from the petroleum, gas and helium industries from many countries mainly in the Middle East, as well as the U.S., India, the U.K. and others.

How Is the Trojan.Laziok Distributed?

As a typical Trojan, the malware is distributed via emails containing malicious files packed with an exploit for the Microsoft Office vulnerability which has already been exploited in a variety of campaigns in the past. In fact, a patch for this vulnerability has existed since April 2012.

The malicious email attachment is typically an Excel file and when opened, the code is executed, after which it infiltrates the Trojan.Laziok and the infection process begins.

According to Symantec researchers, “The group behind the attack does not seem to be particularly advanced, as they exploited an old vulnerability and used their attack to distribute well-known threats that are available in the underground market.” They also added, “However, many people still fail to apply patches for vulnerabilities that are several years old, leaving themselves open to attacks of this kind.”